FTC Finalizes Order with Marriott and Starwood Requiring Them to Implement a Robust Data Security Program to Address Security Failures Federal Trade Commission
pAn official website of the United States governmentppHeres how you knowpp
The gov means its official
Federal government websites often end in gov or mil Before sharing sensitive information make sure youre on a federal government site
pp
The site is secure
The https ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely
ppWe enforce federal competition and consumer protection laws that prevent anticompetitive deceptive and unfair business practicesppView EnforcementppFind legal resources and guidance to understand your business responsibilities and comply with the lawppBrowse legal resourcesppView all Competition Matters Blog postsppWe work to advance government policies that protect consumers and promote competitionppView PolicyppFind legal resources and guidance to understand your business responsibilities and comply with the lawppBrowse legal resourcesppMemo from Chair Lina M Khan to commission staff and commissioners regarding the vision and priorities for the FTCppLearn moreppView all Technology Blog postsppLearn more about your rights as a consumer and how to spot and avoid scams Find the resources you need to understand how consumer protection law impacts your businessppVisit militaryconsumergovppVisit consumergovppVisit Competition CountsppCompetition GuidanceppView News and EventsppView more EventsppSign up for the latest newsppLearn about the FTCs notable video game cases and what our agency is doing to keep the public safeppExplore refund statistics including where refunds were sent and the dollar amounts refunded with this visualizationppOur mission is protecting the public from deceptive or unfair business practices and from unfair methods of competition through law enforcement advocacy research and educationppLearn more about the FTCppLina M Khan was sworn in as Chair of the Federal Trade Commission on June 15 2021ppChair Lina M KhanppLooking for legal documents or records Search the Legal Library insteadppLooking for legal documents or records Search the Legal Library insteadppTagsppThe Federal Trade Commission finalized an order requiring Marriott International Inc and its subsidiary Starwood Hotels Resorts Worldwide LLC to implement a comprehensive information security program to settle charges that the companies failed to implement reasonable data security which led to three large data breaches affecting more than 344 million customers worldwideppIn a complaint first announced in October the FTC charged that Marriott and Starwood deceived consumers by claiming to have reasonable and appropriate data security when they in fact failed to deploy reasonable security to protect consumers personal information These security failures resulted in at least three separate data breaches that enabled malicious actors to obtain vast amounts of personal information from hundreds of millions of consumers including passport information payment card numbers and loyalty numbers according to the complaintppUnder the order Marriott and Starwood are required to establish a comprehensive information security program to help safeguard customers personal information implement a policy to retain personal information only for as long is reasonably necessary and establish a link on their website for US customers to request for personal information associated with their email address or loyalty rewards account number to be deleted The order also requires Marriott to review loyalty rewards accounts upon customer request and restore stolen loyalty pointsppThe companies are also prohibited from misrepresenting how they collect maintain use delete or disclose consumers personal information and the extent to which the companies protect the privacy security availability confidentiality or integrity of personal informationppAfter receiving two comments the Commission voted 302to approve the final order and send responses to the commenters Commissioner Ferguson and Commissioner Holyoak are recused from this matterppThe Federal Trade Commission works to promote competition and protect and educate consumers The FTC will never demand money make threats tell you to transfer money or promise you a prize Learn more about consumer topics at consumerftcgov or report fraud scams and bad business practices at ReportFraudftcgov Follow the FTC on social media read consumer alerts and the business blog and sign up to get the latest FTC news and alertsp
The gov means its official
Federal government websites often end in gov or mil Before sharing sensitive information make sure youre on a federal government site
pp
The site is secure
The https ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely
ppWe enforce federal competition and consumer protection laws that prevent anticompetitive deceptive and unfair business practicesppView EnforcementppFind legal resources and guidance to understand your business responsibilities and comply with the lawppBrowse legal resourcesppView all Competition Matters Blog postsppWe work to advance government policies that protect consumers and promote competitionppView PolicyppFind legal resources and guidance to understand your business responsibilities and comply with the lawppBrowse legal resourcesppMemo from Chair Lina M Khan to commission staff and commissioners regarding the vision and priorities for the FTCppLearn moreppView all Technology Blog postsppLearn more about your rights as a consumer and how to spot and avoid scams Find the resources you need to understand how consumer protection law impacts your businessppVisit militaryconsumergovppVisit consumergovppVisit Competition CountsppCompetition GuidanceppView News and EventsppView more EventsppSign up for the latest newsppLearn about the FTCs notable video game cases and what our agency is doing to keep the public safeppExplore refund statistics including where refunds were sent and the dollar amounts refunded with this visualizationppOur mission is protecting the public from deceptive or unfair business practices and from unfair methods of competition through law enforcement advocacy research and educationppLearn more about the FTCppLina M Khan was sworn in as Chair of the Federal Trade Commission on June 15 2021ppChair Lina M KhanppLooking for legal documents or records Search the Legal Library insteadppLooking for legal documents or records Search the Legal Library insteadppTagsppThe Federal Trade Commission finalized an order requiring Marriott International Inc and its subsidiary Starwood Hotels Resorts Worldwide LLC to implement a comprehensive information security program to settle charges that the companies failed to implement reasonable data security which led to three large data breaches affecting more than 344 million customers worldwideppIn a complaint first announced in October the FTC charged that Marriott and Starwood deceived consumers by claiming to have reasonable and appropriate data security when they in fact failed to deploy reasonable security to protect consumers personal information These security failures resulted in at least three separate data breaches that enabled malicious actors to obtain vast amounts of personal information from hundreds of millions of consumers including passport information payment card numbers and loyalty numbers according to the complaintppUnder the order Marriott and Starwood are required to establish a comprehensive information security program to help safeguard customers personal information implement a policy to retain personal information only for as long is reasonably necessary and establish a link on their website for US customers to request for personal information associated with their email address or loyalty rewards account number to be deleted The order also requires Marriott to review loyalty rewards accounts upon customer request and restore stolen loyalty pointsppThe companies are also prohibited from misrepresenting how they collect maintain use delete or disclose consumers personal information and the extent to which the companies protect the privacy security availability confidentiality or integrity of personal informationppAfter receiving two comments the Commission voted 302to approve the final order and send responses to the commenters Commissioner Ferguson and Commissioner Holyoak are recused from this matterppThe Federal Trade Commission works to promote competition and protect and educate consumers The FTC will never demand money make threats tell you to transfer money or promise you a prize Learn more about consumer topics at consumerftcgov or report fraud scams and bad business practices at ReportFraudftcgov Follow the FTC on social media read consumer alerts and the business blog and sign up to get the latest FTC news and alertsp
